Darz
asked on
nmap - Why do I get closed responses when it should just assume closed
I would expect to get responses like open and filtered, open|filtered even which are meaningful, but nmap gives me back a list of ports, some of which are marked 'closed' ... but the other ports which it does not give me back in the results are assumed closed also, so why do some get reported as 'closed' and some just left to be assumed closed. Am I missing something? Is there another meaning to these returned as closed than the other ones which are just assumed to be closed?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Cheers for that! I almost forgot to accept your answer. So there you go :)
ASKER
One last thing though I still haven't got straight ... a couple of the scan types (window and maimon) for a machine I just tested there are giving me back a few 'filtered' and 'open|filtered' results respectively and saying that the remaining ports are 'closed' ... so under your definition of closed, there are 995 ports which allow access to them but have nothing running there, that's fine, so these scans would lead me to believe that at least 995 ports should be blocked at the firewall. But then I go and do a SYN scan which reports 6xopen ports, 8xclosed and all remaining are said to be filtered!!
So I'm thinking this one of three things ... (a) nmap just doesn't know the difference sometimes depending on it's method of scanning (b) closed means something different depending on the scan type, like maybe for firewall related scans as opposed to ... ACK does say all remaining are 'unfiltered' and just lists the 5 'filtered' ones which is fair enough, but but then window, as above, seems to be contradicting the SYN scan result which says that all remaining ports are filtered (c) I'm totally confused :P